# Advances in Cryptology - CRYPTO 2003

@inproceedings{Boneh2003AdvancesIC,
title={Advances in Cryptology - CRYPTO 2003},
author={Dan Boneh},
booktitle={Lecture Notes in Computer Science},
year={2003}
}
• D. Boneh
• Published in Lecture Notes in Computer…, 2003
• Computer Science
The security of the RSA cryptosystem depends on the difficulty of factoring large integers. The best current factoring algorithm is the Number Field Sieve (NFS), and its most difficult part is the sieving step. In 1999 a large distributed computation involving hundreds of workstations working for many months managed to factor a 512-bit RSA key, but 1024-bit keys were believed to be safe for the next 15-20 years. In this paper we describe a new hardware implementation of the NFS sieving step…
751 Citations

## Citations

CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method
• Mathematics, Computer Science
CHES
• 2007
This paper reports implementational and experimental results of a dedicated sieving device "CAIRN 2" with Xilinx's FPGA which is designed to handle up to 768-bit integers and adapted a new implementational method (the pipelined sieving) for NFS sieving.
Diophantine and Lattice Cryptanalysis of the RSA Cryptosystem
• Abderrahmane Nitaj
• Mathematics, Computer Science
Artificial Intelligence, Evolutionary Computing and Metaheuristics
• 2013
A survey of the mathematics of the RSA cryptosystem focussing on the cryptanalysis of RSA using a variety of diophantine methods and lattice-reduction based techniques is given.
Cryptanalysis of the Hidden Matrix Cryptosystem
• Mathematics, Computer Science
LATINCRYPT
• 2010
An efficient cryptanalysis of the so-called HM cryptosystem, and one perturbed version of HM, is presented, and an upper bound on the maximum degree reached during the Gröbner basis computation of HM systems is provided.
Inverting HFE Is Quasipolynomial
• Computer Science
CRYPTO
• 2006
The complexity of the decryption attack which uses Gröbner bases to recover the plaintext and the complexity of a related distinguisher is considered, which shows that the decryption attack has a quasipolynomial complexity, much smaller than the classical subexponential expressions encountered in factoring or discrete logarithm computations.
Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors
• Mathematics, Computer Science
ICISC
• 2008
This paper achieves significantly improved results by modifying the techniques presented by Ernst et.
Partial Key Exposure on RSA with Private Exponents Larger Than N
• Mathematics, Computer Science
ISPEC
• 2012
This paper studies this extended setting of RSA and quantifies the number of bits of d required to mount practical partial key exposure attacks, based on Coppersmith's heuristic methods and validated by practical experiments run through the SAGE computer-algebra system.
New Partial Key Exposure Attacks on CRT-RSA with Large Public Exponents
• Mathematics, Computer Science
ACNS
• 2014
This paper proposes some lattice-based attacks for this extended setting of known LSBs case and introduces two approaches that work up to $$e < N^{3/8}$$.
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
• Mathematics, Computer Science
TCC
• 2009
The public-key encryption scheme of Regev, and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret key, or more generally, can compute an arbitrary function of the secret key of bounded output length.
Total Break of the l-IC Signature Scheme
• Mathematics, Computer Science
Public Key Cryptography
• 2008
Efficient forgery and full-key recovery attacks on the l-IC signature scheme recently proposed at PKC 2007, a multivariate scheme based on a new internal quadratic primitive which is extremely fast since it requires one exponentiation in a finite field of medium size and the public key is shorter than in many multivariate signature schemes.
Partial Key Exposure: Generalized Framework to Attack RSA
This work proposes lattice based approaches to factorize the RSA modulus N=pq (for large primes p, q) when the number of unexposed blocks is n≥1 and analyzes the ISO/IEC 9796-2 standard signature scheme (based on CRT-RSA) with partially known messages.

## References

Improving Lattice Based Cryptosystems Using the Hermite Normal Form
The increased efficiency of the new cryptosystems allows the use of bigger values for the security parameter, making the functions secure against the best cryptanalytic attacks, while keeping the size of the key even below the smallest key size for which lattice cryptosystems were ever conjectured to be hard to break.
Analysis and Improvements of NTRU Encryption Paddings
• Computer Science
CRYPTO
• 2002
It turns out that the first NTRU padding scheme is not even semantically secure (INDCPA), but the second and third can be proven IND-CCA2-secure in the random oracle model, under however rather unusual assumptions.
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
• Computer Science
CT-RSA
• 2001
REACT is presented, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model, which could become a new alternative to OAEP, and even reach security relative to factorization, while allowing symmetric integration.
Imperfect Decryption and an Attack on the NTRU Encryption Scheme
• J. Proos
• Computer Science
IACR Cryptol. ePrint Arch.
• 2003
A new type of encryption scheme is defined which encompasses both NTRU and an attack model for the attacks presented against it, and uses an oracle for determining if valid ciphertexts can be correctly deciphered, and recover the user’s secret key.
Cryptanalysis of the Public-Key Encryption Based on Braid Groups
• Mathematics, Computer Science
EUROCRYPT
• 2003
This paper shows that the private-key can be recovered from the public-key for several parameters with significant probability in a reasonable time and gives a new requirement for secure parameters against the attack, which more or less conflicts with that against brute force attack.
Estimated Breaking Times for NTRU Lattices
In this note we report on experiments with the lattices underlying the NTRU Public Key Cryptosystem. We present data for the time needed to find a small vector and use this data to extrapolate expected
Pseudorandomness from Braid Groups
• Computer Science
CRYPTO
• 2001
Some cryptographic primitives under two related assumptions in braid groups are presented: which particular bit of the argument x is pseudorandom given f(x).
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
• Mathematics, Computer Science
CRYPTO
• 1991
A formalization of chosen ciphertext attack is given in the model which is stronger than the "lunchtime attack" considered by Naor and Yung, and a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge is proved secure against it.
Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups
• Computer Science, Mathematics
EUROCRYPT
• 2002
This article shows how to reduce finding the shared key of this KAP to the list-MSCPs in a permutation group and in a matrix group over a finite field and develops a mathematical algorithm for the MSCP in braid groups.
Public-key cryptosystems provably secure against chosen ciphertext attacks
• Mathematics, Computer Science
STOC '90
• 1990
We show how to construct a public-key cryptosystem (as originally defined by Diffie and Hellman) secure against chosen ciphertext attacks, given a public-key cryptosystem secure against passive